Strength of PBKDF based AES key

Posted on 16 Aug 2022.

Answers (1)

manpreet, Best Answer, 2 years ago

Here is a stub of a system which would generate a key pair using AES 256 CBC in OpenSSL. The object of the code below is to generate two random passkeys, an AES key, and some other public data. The AES key would be used to exchange shared secrets.

Disclaimer: I am NOT an expert in Cryptography or Security Systems. I do realize the dangers but the point of this exercise is an academic interest. If there are novice errors or something entirely and dangerously incorrect, please do point it out to aid my learning.

#include <openssl/evp.h>
#include <openssl/rand.h>

// The key_generator() will produce the following public keys in addition
// to a couple of other private keys.
// public_identifier
// public_salt
// public_composite_identifier
// public_aes_key

int key_generator(/*some args*/)
{
    // Step 1
    //Obtain public_identifier. Possibly a hashed value of a unique ASCII string.
    unsigned char *public_identifier;


    // Step 2
    //Generate 256 bit private_primary_random_passkey which is secret. 
    //This random key is generated once and reused later.
    //RAND_bytes() takes its length in bytes (256 bits = 32 bytes) and
    //returns 1 only on success.
    unsigned char private_primary_random_passkey[32];

    if(RAND_bytes(private_primary_random_passkey, 32) != 1)     
        return FAILURE;


    // Step 3
    //Generate private_composite_identifier using public_identifier
    //and private_primary_random_passkey.
    //IMPORTANT - The method to obtain private_composite_identifier 
    //may be publicly known.  
    //The public_identifier is also publicly known but the 
    //private_primary_random_passkey is secret.
    unsigned char *private_composite_identifier;

    //
    //.....
    //


    // Step 4     
    //Generate temporary temp_private_aes_key and temp_private_aes_IV;
    //NOTE - Used dummy vars wherever key length is required. 
    //Assume correct length is passed in.

    int aes_rounds = 25000;

    unsigned char temp_private_aes_key[EVP_MAX_KEY_LENGTH];
    unsigned char temp_private_aes_IV[EVP_MAX_IV_LENGTH];

    //EVP_BytesToKey() takes the salt before the data, and reads exactly
    //PKCS5_SALT_LEN (8) bytes of salt.
    if(EVP_BytesToKey(EVP_aes_256_cbc(), 
                      EVP_sha512(), 
                      private_primary_random_passkey,   //salt
                      private_composite_identifier,     //data
                      private_composite_identifier_length/8, 
                      aes_rounds, 
                      temp_private_aes_key, 
                      temp_private_aes_IV) == 0)     
        return FAILURE;    


    // Step 5
    //Generate 128 bit random salt which is public.
    //RAND_bytes() takes its length in bytes (128 bits = 16 bytes) and
    //returns 1 only on success.
    unsigned char public_salt[16];

    if(RAND_bytes(public_salt, 16) != 1)     
        return FAILURE;


    // Step 6
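    //Generate private_composite_identifier and public_composite_identifier 
    //using temp_private_aes_key and public_salt.
    //private_composite_identifier is already declared in Step 3; here it
    //must have room for the 32 byte AES-256 key that is written to it.
    unsigned char public_composite_identifier[EVP_MAX_IV_LENGTH];

    //EVP_BytesToKey() takes the salt before the data, and reads exactly
    //PKCS5_SALT_LEN (8) bytes of salt.
    if(EVP_BytesToKey(EVP_aes_256_cbc(), 
                      EVP_sha512(), 
                      public_salt,                      //salt
                      temp_private_aes_key,             //data
                      temp_private_aes_key_length/8, 
                      aes_rounds, 
                      private_composite_identifier, 
                      public_composite_identifier) == 0)     
        return FAILURE;    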


    // Step 7
    //Generate 128 bit private_secondary_random_passkey which is secret. 
    //This random key is generated once and reused later.
    //RAND_bytes() takes its length in bytes (128 bits = 16 bytes) and
    //returns 1 only on success.
    unsigned char private_secondary_random_passkey[16];

    if(RAND_bytes(private_secondary_random_passkey, 16) != 1)     
        return FAILURE;

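    unsigned char private_aes_key[EVP_MAX_KEY_LENGTH];
    unsigned char public_aes_key[EVP_MAX_IV_LENGTH];

    //EVP_BytesToKey() takes the salt before the data, and reads exactly
    //PKCS5_SALT_LEN (8) bytes of salt.
    if(EVP_BytesToKey(EVP_aes_256_cbc(), 
                      EVP_sha512(), 
                      private_secondary_random_passkey, //salt
                      private_composite_identifier,     //data
                      private_composite_identifier_length/8, 
                      aes_rounds, 
                      private_aes_key, 
                      public_aes_key) == 0)     
        return FAILURE;

    //
    //.....
    //
}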
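The stub calls EVP_BytesToKey, while the title speaks of a PBKDF. As an added example (Python, not code from the original post or from OpenSSL), the following models the EVP_BytesToKey algorithm next to PBKDF2-HMAC-SHA512 and checks how much of a 128-bit salt each one actually uses. The function names, the sample secret and the salts are constructed for illustration.

```python
import hashlib

PKCS5_SALT_LEN = 8  # EVP_BytesToKey reads exactly this many salt bytes


def evp_bytes_to_key(md, salt, data, count, key_len=32, iv_len=16):
    """Model of EVP_BytesToKey: D_i = H^count(D_(i-1) || data || salt)."""
    salt = b"" if salt is None else salt[:PKCS5_SALT_LEN]
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        block = hashlib.new(md, block + data + salt).digest()
        for _ in range(count - 1):  # plain re-hashing: no HMAC, salt not re-mixed
            block = hashlib.new(md, block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_key(secret, salt, iterations, key_len=32, md="sha512"):
    """PBKDF2-HMAC (PKCS #5 v2): the whole salt enters every output block."""
    return hashlib.pbkdf2_hmac(md, secret, salt, iterations, dklen=key_len)


def compare(iterations=25000):
    secret = b"constructed-composite-identifier"  # constructed sample input
    salt_a = bytes(range(16))                      # constructed 128-bit salt
    salt_b = salt_a[:8] + bytes(8)                 # differs only after byte 8
    evp_a = evp_bytes_to_key("sha512", salt_a, secret, iterations)
    evp_b = evp_bytes_to_key("sha512", salt_b, secret, iterations)
    pb_a = pbkdf2_key(secret, salt_a, iterations)
    pb_b = pbkdf2_key(secret, salt_b, iterations)
    return {
        "evp_same_key_for_both_salts": evp_a == evp_b,
        "pbkdf2_same_key_for_both_salts": pb_a == pb_b,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

With SHA-512 the 64-byte digest already covers the 32-byte key and the 16-byte IV, so both outputs of EVP_BytesToKey are slices of a single iterated hash.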